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I. 



INTRODUCTION 



The World Wide Web (www) and the Internet generally are not inventions of the 
last decade. Their history dated from the early 70’s when it started as ARPANET 
(Advanced Research Projects Agency Network), a military wide area network for the US 
DOD. During the ARPANET projects, packet switching and a new communications 
protocol suite were developed: The Transmission Control Protocol/ Internet Protocol, 
widely known as TCP/IP. 

During those years, only Government facilities. University campuses and large 
corporations used mainframes, minicomputers, or supercomputers to run their 
applications. However, the evolution of Personal Computers (PC’s) in the early eighty’s 
has boosted web activities to the business and public sectors. This development combined 
with the significant reduction of PC prices provided people with greatly enhanced 
computing power. This fact was combined with a tremendous increase in computer 
performance, which started primarily in the past deqade. In addition, the evolution of 
land-based and satellite telecommunication provided access to this increased computing 
power through the Internet on a worldwide basis. 

One of the crucial factors that supported this ability was the evolution of web 
servers. Through this technology, people can connect to and exchange information with 
most remote locations. Today, computers and the Internet can be thought of as a mass 
medium for communication among the people; in few years in will be as necessary as the 
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telephone is today. One current use of the Internet is for IP Telephony, which can deliver 
voice, fax, or video packets in a dependable flow to the user. So, the replacement of 
conventional telephony with IP may occur in the near future. 

Furthermore, web technology is now radically transforming the traditional way of 
doing business. E-commerce is the present and the future way of doing business, selling 
any kind of items from software to agricultural products. "Friction Free economy theory" 
as described by Naval Postgraduate School (NPS) Professor Ted Lewis [Ref.l], resets 
Adam Smith’s and Maynard Keynes’ economic theories, at the speed of the Internet. So, 
the Internet is pervasive and whoever ignores this fact, will soon fall behind and 
eventually disappear from the "business decision chessboard". 

Web technology is used by many organizations, institutions and business 
corporations. Among them is the Naval Postgraduate School. The use of the Internet is 
necessary for both faculty and students. Classes, notes, assignments, presentations, and 
other sources of information about a course or an academic issue can be placed on a web 
site. Everyone who has a connection to the Internet can access, browse, copy or print 
anything that the user needs. E-mail is widely used and is one of the primary means of 
exchanging ideas and assignments. 

The implementation of public web sites requires configuration of a program, 
called a web server, which has to be installed on a publicly accessible computer. A web 
server is a program that runs under a designated machine and operating system for 
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making documents available to Internet visitors through a web browser. A web browser is 
a client program that provides a way to view and interact with information on a web 
server. By visiting a web site, we can see a large variety of web pages. Some of the most 
well-known and widely used browsers are Microsoft’s Internet Explorer and Sun’s 
Netscape Navigator. 

Thus, through a thorough study of web server technology, and after considering 
the advantages and the disadvantages of each case, this thesis will define which solution 
is most appropriate in configuring a web server of an academic intranet. 
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II. WEB SERVER TECHNOLOGY 



A web server is a system that combines hardware and software with the mission 
to provide information to clients. This system receives requests for information from a 
client via the Internet and after processing these requests and checking their validity, 
retrieves or generates the desired information and transmits it back to the client. A web 
server utilizes the client/server model and the World Wide Web’s Hypertext Transfer 
Protocol (HTTP) provides web pages to users. Every computer on the Internet that 
contains a web site must have a web server or alternatively the web site files must be 
uploaded to a computer that has a web server. 

The factors that have significant impact on a web site performance are the 
hardware that hosts the server, the operating system under which it runs, and the web 
server software. After thorough research on the Naval Postgraduate School campus, forty 
web servers were found to be in operation. Appendix A, contains information about them 
and Appendix B contains a web server baseline assessment. 

A. NETWORK PROTOCOLS 

A necessary part of the technology required to setup an Internet or Intranet 
environment in a company is to select a specific protocol for use on the corporate 
network. The protocol that is widely used for Internet technologies is known as the 
Transmission Control Protocol /Internet Protocol or TCP/IP. This protocol can operate on 
Ethernet or Token Ring Local Area Networks (LANs), on various Wide Area Networks 
(WANs), and even over standard telephone lines that are connected to a modem. UNIX 
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systems have implemented TCP/IP as a standard feature. Smaller systems like Windows 
9x and NT have TCP/IP built into their operating system. 

Mainframes also use TCP/IP in conjunction with proprietary networking 
protocols. Some examples are IBM’s SNA and DEC’S DECnet. 

B. HARDWARE PLATFORMS FOR WEB SERVERS 

Regarding hardware, there are three main categories in which web servers 
"reside". These include: 1) UNIX systems like Sun, Silicon Graphics, IBM, and or HP 
2) Windows based systems that can utilize Intel, RISC technology. Alpha, AMD or 
Cyrix processors, and 3) Apple’s Macintosh systems that use Motorola 68x, or PowerPC 
processors. The UNIX operating systems, such as LINUX, Sun OS, Solaris, HP/UX, 
IBM/AIX and IRIX are primarily used in large systems, while smaller systems like PCs 
run under Microsoft’s Windows 9x, NT or Windows 2000 operating systems. In 
Appendix C, there is a suggested configuration for a PC/Windows 9x-NT platform. 

For web server software, it was observed that larger systems use Apache and 
Netscape’s Enterprise Server while the smaller systems primarily used Microsoft’s 
Internet Information Server (IIS) web server. Of course, there are some other 
combinations of hardware platforms, operating systems and web server software. 

Web servers often come as part of a larger package of Internet- and intranet- 
related programs for serving e-mail (e-mail servers), files (ftp servers), and building and 
publishing web pages (web publishers). Considerations in choosing a web server include: 
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how well it works with the operating system (that runs in a specific computer) and other 
servers, its ability to handle server-side programming and publishing, search capabilities, 
and web site construction tools that may be included. 

C. WEB SERVER SOFTWARE SOLUTIONS 

The software to be used for a web server is closely related with the hardware 
platform that will host the web server. We can divide this software in two main 
categories; UNIX/LINUX based machines and the Windows 9x-NT machines. 



1. Unix-Linux Based Web Servers 

Web servers with heavy traffic require machines that are usually running under 
Unix-Linux operating Systems. The most popular web server is .Apache, an open source 
web server that is free [Ref.2]. Apache is available for both 32-bit Windows and L"NTX- 
LENTJX based operating systems, (see Figure 1) 




Figure 1 : Apache Web Server Logo 



2. PcAVindows 9x-NT Based Web Servers 

For relatively light to medium traffic on a web site, Microsoft provides Internet 
Information Server (IIS). IIS is bundled v.hth Windows NT server. For PC's that use 
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Windows 9x/2000 as their operating systems, there is a special version of IIS called 
Personal Web Server (PWS) [Ref.3] (see Figure 2.). Netscape offers, its Fast Track and 
Enterprise serv'ers. If the web site is expecting to have heavy traffic, OReilly's WebSite 
[Ref.4] (see Figure 3). Smart desk Personal Web Server, Imatix Xitami [Ref.5] and Sun's 
Java web Server are some of the solutions that can handle the load effectively. All of 
these web servers can be downloaded for free from the Internet. 




Figure 2; Microsoft's Personal Web Ser\'er (PWS) Main Window 




Figure 3; O'Reilly’s Website Professional Server Properties Page 
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3. Windows 2000 Based Web Servers 



Another solution for the enterprises that wish to upgrade from Windows NT based 
Internet Information Serv'er (IIS) version 4.0, is the latest version IIS V.5.0. This version 
is included with Microsoft 2000 Server editions. IIS 5.0 is a high performance web serv'er 
containing many improvements compared with the previous IIS versions. Its first 
characteristic is the smaller size (about 30 MB) of the files. In addition, IIS v 5.0 provides 
performance application protection, security enhancements. Furthermore, it supports 
many standards such as Fortezza (a new D.O.D security standard). Transport Layer 
security (using SSL v 3.0), Digest Authentication (a method of hashing authentication 
information introduced in Internet explorer 5.0) and Kerberos v 5.0 authentication 
protocols that are used in Windows 2000. Finally, IIS v5.0 features Web based 
Distributed Authoring and Versioning (WebDAV), which is a standard designed to 
simplify the construction of intranets and provide the ability for multiple users to publish 
documents to a common Web server. 

On the other hand, there are some cons such as the lack of a Unix version, and the 
lack of documentation on the newest features. In addition, IIS runs only on the Serv'er 
edition of Windows 2000 and the remote Web-based administration is still somewhat 
lacking. [Ref. 6] 

D. W1EB BROWSER SOFTWARE 

A web browser is a program that is used to view the web pages that exist on 
various w^eb sites. The tvpes of computing platforms we use can influence the selection of 
an appropriate browser. So, first we have to check the operating systems that run under 
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the respective hardware platforms and the versions we need. Another characteristic to 
consider is the browsers' Java-capability. The most widely used web browsers are Sun’s 
Netscape Navigator (see Figure 4), and Microsoft's' Internet E.xplorer (see Figure 5). 




Figure 4: Netscape Navigator 




Figure 5: Internet Explorer 
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E. 



OTHER WEB SERVERS 



NovelTs offers a web server for users of its NetWare operating system and IBM’s 
family of Lotus Domino servers are used primarily for IBM’s OS/390 and AS/400 
mainframe computer customers. These web servers are used to handle high volume 
needs. 



In the world of unique, there is the Matchbox web server, which is the smallest 
web server, ever created. This server runs on a single-board AMD 486-SX computer w'ith 
a 66 MHz CPU, utilizes 16 MB RAM. and 16 MB flash ROM, which is big enough to 
hold an adequate amount of the Red Hat 5.2 Linux operating system, including the HTTP 
daemon that runs the web server. It communicates with the outside world via tw^o serial 
ports, a printer port, and a connector for a floppy drive. It measures 2.8” x 1.8" for an area 
of 5 square inches. Being 0.2” thick, this makes the volume one cubic inch (16 cc’s). It 
weighs 3/4 oz (20 grams). This server w'as constructed in the Wearable Computing 
Laboratory at Stanford University [Ref.7] (see Figure 6). 




Figure 6; The Matchbox Web Serv^er 
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F. HOW A W^B SERVER WORKS 



Generally speaking, a serv'er is a computer program that provides services to other 
computer(s) (see Figure 7). 



Request HTML page from server 




^ Send an HTML page to client 




Client 



Server 



Figure 7: Client/Server Programming Model 



In the client/server programming model, a server is a program that awaits and 
fulfills requests from client programs in the same or other computers. A given program 
(application) in a computer may run as a client which requests services from other 
programs and as a server of requests from other programs. 



For our purposes, a web serv^er responds to requests for HTML pages. A page is 
the basic unit of information transfer on the web, although, the user can request a 
download of a file. A web client is the requesting program associated with the user. The 
web browser (i.e. Netscape Navigator or Internet Explorer) in our computer is a client 
that requests HTML pages from web servers. 
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III. 



OVERVIEW OF A WEB SERVER 



A. WEB SERVER CHARACTERISTICS 

1. Factors that Affect the Choice of a Web Server 

Generally, ail web serv'ers perform the function of delivering a document to a 
client(s) when the document’s web address (or to be more specific, the Uniform Resource 
Locator (URL)) is requested. 

Web servers have many capabilities. Common features include the ability to log 
accesses to files or databases, execute applets that may be written in languages like Java 
or JavaScript, execute server side scripts and process “clickable” image maps. Security 
features t>'pically allow a web site administrator to restrict a portion of the document tree 
to authorized users. Since, most sites are usually limited by the speed of their netw'ork 
connection, the performance of a web server (with only few exceptions) should not be a 
major factor in the choice of our web serv'er. Of course, a crucial factor is the size of the 
documents, images or other files that we'll be serving. , 

-Another critical issue in the choice of a w'eb serv'er is the operating system that the 
hardware platform will use. Some of the options offered, include the Unix family of 
operating systems, Windows 9x or NT or 2000 and Apple's OS. All of these have 
advantages and disadvantages, but they all support the TCP/IP protocol, which is 
essential for the operation of a web server. 
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2. Overv iew of a Personal Web Server 



As previously mentioned, a personal web server is a program that can turn a 
personal computer into a web serv'er. Generally speaking, what ever is personal is 
something not in large scale or size. So. a personal web serv'er covers the needs of an 
individual or a small business. The use of such kind of web serv'er, provides us with some 
advantages and but there is also some limitations that we must keep in mind. 

3. Advantages of Using Personal Web Servers 

The first advantage is the ability to maintain our own log files. This feature gives 
us information about our web site traffic and data of each visitor. In addition, our site can 
function as a simple FTP serv'er by allowing users ” browse directory”. This method helps 
the visitors of our site to browse folders and access publicized files faster than if we put 
them in web pages. Finally, ease of use and simplicity is very essential for non- 
experienced developers in order to develop an entrv'-level web serv-er. 

4. Limitations of Personal Web Serv ers 

Personal web servers are made for serving a limited volume of web traffic. This 
primarily means that they can efficiently handle only five to ten visitors simultaneous 
connections. So, if we expect higher traffic, more robust web serv'er will be required. 
Microsoft’s Internet Information Server (IIS) or Apache’s web serv’er are common 
solutions in high traffic cases. 
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B. 



WEB CLIENT CHARACTERISTICS 



Recall from Chapter II that a web browser (i.e. Netscape Navigator or Internet 
Explorer) plays the role of a client that requests HTML pages from w'eb serv'ers. There 
are a wide variety of web browsers available for use today. Some Internet Ser\ice 
Providers (ISP’s) such as America on Line (AOL) offer w'eb browsers along with their 
connection softw-are package. Nevertheless, the largest slice of the web brow'ser market 
belongs primarily to tw'o: Microsoft Internet Explorer and the Netscape Navigator. 

Internet Explorer (EE) is the w'eb browser that Microsoft offers with Windows 95 
or 98. The latest version of EE is 5.5. is bundled with Windows 2000 Professional, but can 
also be downloaded for free from the Microsoft’s web site. Sun Microsystems, offers 
Netscape Navigator. Navigator is the browser component of th'e Netscape 
Communicator softw'are package that contains several other tools, such as Messenger 
(email) and Composer (web page editing). The latest version is 4.77 can also be 
downloaded for free from Sun’s web site. 

Both EE 5.5 and Netscape Navigator are excellent browsers and offer many tools 
to their users. They have a lot in common and do almost the same job using different 
methods. The evaluation of these two w'eb browsers is beyond of the scope of this thesis. 
Nevertheless, the major difference is the way they handle email. Because, EE 5.5 does not 
incorporate any mailing program, Microsoft offers (together with Windows 9x or 2000) a 
specialized email handling program called Outlook Express (see Figure 8). On the other 
hand, Netscape Messenger is an email client included in the Netscape Communicator 
package (see Figure 9). 
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C. WEB SITE DEVELOPER TOOL CHARACTERISTICS 

A web server can manage one or more web sites. Every web site consists of one 
or more web pages. For the educational purposes of this thesis, I developed a web site 
named NPS Student Information Center (XPSSIC). This web site has a welcome page 
that offers two choices; An English site and a Greek one. The w'elcome pages of this site 
are shown on Appendix D. 

Microsoft Front Page 2000 was used to develop the necessary web pages (see 
Figure 10). This software tool, which provides flexibility and multiple features, proved to 
be very handy and useful. The resemblance with the other Microsoft applications such as 
Microsoft Word and the user-friendly environment gives Front Page 2000 an advantage 
over the other web page developing tools. Recently, Microsoft’s Front Page 2000 was 
rated as an editor’s choice for novice users who want to design simple web sites [Ref.8]. 
For the advanced users who wish to design an advanced site editor’s choice went to 
Macromedia's Dreamweaver 3 [Ref.8]. 

Front Page 2000 has the ability to edit different kinds of web pages like HTML 
format (.htm). Cascading Style Sheet (.css) format or Active Sever Pages (.asp) format. 
.ASP is a server-side scripting language. This means that .ASP code is first processed at 
the server and then it is sent to the web, while HTML pages are processed by the client 
(web browser). This .ASP characteristic gives additional security to our web pages, 
because we can write code that will never be viewed from a web brow'ser. 



17 



^ £c« Jfrvert f^naaC Jodi F;jr»w ^£!ifOt>t* Hofe 

c-i?-a 3 a«iv^ a<7 ■ ■ ■>- • 2 ;c ’2 ««. ■ © ir 3 . 

'Nryrr' - fCfiO » f<r-riA ' Si'S - ^ ^ 










■ . #.. 

. "F 






I IjJ 



ClJ ^^toWrtOiovwf 28 ^ 

JB Start. ^ ^ ^ ^ ^ 3T^''»ro«e^''*^-CVw!;^*i>cj^^ St^StuCicK Wi-on.... iuH> :t:30A« 



-VJW 



Figure 10; Microsoft Front Page 2000 



In addition, Microsoft FrontPage provides the following support that let us take 
the advantage of advanced Web browser technology [Ref. 9]: 



1. ActiveX controls 

ActiveX controls are software components that we can reuse and insert in our web 
pages in order to produce multimedia effects, pop-up menus, interactive menus, and other 
sophisticated applications. These controls can be written in a variety of modem 
programming languages such as Java, C-i-r and Visual Basic. 



2. Java Applets 

Java applets are like the .ActiveX controls that are written in Java programming 
language. These applets can provide dynamic elements and interactive characteristics on 
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Web pages. Thus, when we browse a w'eb page that contains a Java applet, its 
components are dow'nloaded and executed at a run time, only for that browsing session. 

3. Web Browser Plug-ins 

Plug-ins are small software pieces that can extend the functionality of a web 
browser. Using plug-ins we can make our brow'ser capable of handling specific file types 
like image files, sound files or animation files. Plug-ins are supported by Internet 
Explorer 4.0 or later. 

4. Scripts 

Scripts are pieces of programming code that we can add to web pages for Web- 
based solutions development. Using scripts we can handle page elements without 
knowing the details of HTML code. 

5. Secure Socket Layer 

Another useful feature of Microsoft FrontPage 2000, that is not only useful but 
also necessary for the electronic commerce, is Secure Socket Layer (SSL). SSL is an 
open standard that was designed to prevent hackers to intercept private or sensitive 
information (such as bank account numbers, credit card numbers or social security- 
numbers) sent over a netw'ork or through the Internet. Using SSL our web browser 
encrypt its communication with a web server. 

FrontPage can take advantage of SSL in the following w'ays: 

• Communicate securely between the client and the web server. 
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• Create secure hyperlinks in our web pages. Secure hvperlinks are indicated 
by https:// instead of the http:// before the URL or the Internet address of the 



web server and the target page. 

Web ser\'ers that support the SSL standard include Microsoft IIS, Netscape 
Enterprise Server, O'Reilly WebSite Professional and Stronghold Web Server. Since SSL 
feature is not enabled by default, we have to check it in order to activate it. 
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IV. 



WEB SITE DEVELOPMENT 



A. INTERNET CONNECTION 

When we consider the construction of our w'eb site the first problem to be 
resolved is the Internet connection that this site will utilize. First, w-e could install it on a 
web serv'er provided by an Internet Service Provider (ISP). Second, w'e could host a w-eb 
server on an ISP site. Finally, we could install a high-speed Internet connection (i.e. DSL) 
that will be dedicated for use from our web server. Each of the previously mentioned 
solutions has advantages and disadvantages. The factors that must be taken into 
consideration, in order to achieve the highest performance with the lowest budget, 
include: 

• The type and the source of information that our web site will be serving, 

• The amount of traffic, which will be generated. 

• The Internet connectivity that is in place within the organization. 

B. LOCATION OF THE WEB SERVER 

In choosing the location of our web server, we must consider the following four 
main connecting options: 

• The first is to connect it on an Intranet or a LAN without a firewall, 

• The next is our server will be connected to stubnet, 

• The third is it inside an Intranet or a LAN and inside a firewall, 

• The last is to connect it outside an Intranet or a LAN and out side a 
firewall. 
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All the above options have their pros and cons and we have to decide having as 
criteria, the above-described factors. Firewalls are systems that protect our serv'ers from 
outer attacks. They are described in more detail below in the paragraph nam.ed “WEB 
SERVER SECURITY’'. 



1. Connecting the Server on a LAN or Intranet 

Putting our web seiwer inside a local area network or an Intranet (see Figure 11) 
could provide us with some advantages, but w'e would have some limitations too. 
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Figurel 1: .A. Web Server Inside a Local Area Network (LAN) [Ref. 13] 



In this case we connect our server (as the rest of the LAN computers), directly to 
the hub, the hub is connected to the router, which in turn is directly connected to the 
Internet Service provider. 

a. Positives 

Installing our web server inside a Local Area Network could provide us 
higher security. Security can be provided by a proxy serv'er (firewall), w’hich protects all 



00 




the LAN computers from possible attacks. Furthermore, we will have faster access to the 
Internet using the high-speed routers that the network utilizes. 
b. Negatives 

First, we are not fully independent to do what we like and we have to comply 
with the security or other regulations of the LAN administrator. Second, any problem that 
shuts down the LAN will bring down our web serv'er while the problem exists. Finally, 
w'e may be obligated to choose the same hardware and software used by the other LAN 
computers. 

2. Connecting the Server to a Stubnet 

A stubnet is actually a subnet with few' connected computers. The rest of the LAN 
can be connected to the Internet, as previously mentioned (see Figure 12). 
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Figure 12: A Web Server Connected to a Subnet [Ref. 13] 



23 







The device that appears in Figure 12, used to join individual subnets to the 
Internet (via a router) is a switch but it can also be a bridge. A bridge is used to separate 



two or more local networks. It can pass traffic between the networks, based on 
knowledge about which hosts are on which interface on the bridge. 

a. Positives 

Since the web server is isolated from the other LAN(s), the performance of 
both the web server and the LAN(s) can be improved. 

b. ISegatives 

Installing our web server outside a Local Area Network security environment 
is more vulnerable to possible attacks. 

3. The Server is Inside an Intranet or a LAN and Inside a Firewall 

When we put our web server inside a LAN (see Figure 13), which is connected to 
a firewall system, we have to configure the firewall in order to allow the HTTP traffic 
that is forwarded to and from our server. 




Figure 13: A Web Server Connected Inside an Intranet or a LAN and Inside a Firewall 
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Of course, using this topology can be a considerable security risk. The solution 
to this issue is to use a proxy HTTP serv'er in our firewall system. The proxy serv'er 
blocks the direct access to the LAN and our server. When a proxy server receives a 
request from the Internet, it contacts the web server and retrieves the requested web page. 
Since, most of proxy serv'ers provide caching, then the web pages that have been recently 
accessed are stored on the proxy server and proxy’s sole responsibility is to check if the 
file that in cache and the file that is in the ser\'er are identical. If they are different, it 
retrieves a copy, it places it to its cache and sends it to the user who requested it 
otherwise it sends the cached copy. 

a. Positives 

Using caching techniques, the performance of our server can be high. In 
addition, possible attacks can reach only the cached web pages and files located on our 
web server or on LAN computers remain untouched. 

b. Negatives 

This solution is more complex and simultaneously more expensive, because it 
demands more hardware and software. 

4. Server is Placed Outside a LAN and Outside of a Firewall 
The final alternative is to connect our web serv'er directly to the Internet and 
outside a firewall (see Figure 14). This topology allows bypassing the complexity of the 
previous solution and provides us with higher level of freedom and functionality. So, we 
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have absolute control of the web serv’er. Furthermore, we avoid the traffic that leads to 



and from the LAX. 
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Figurel4: A Web Serv'er Connected Outside the Internet or a LAN and outside a Firewall 

a. Positives 

Installing our web server outside inside a Local Area Network we can have 
complete control over the server. In this case w'e connect our PC directly to the Internet. 
You can choose the combination of hardware and software that provides the features that 
you w'ant. Set up access control and security restriction 

b. Negatives 

The price of independence is balanced by security problems that can be 
encountered by possible attacks of some hackers. 



C. CHOOSING THE RIGHT HARDWARE ANT) SOFTWARE 
1. Hardware 

The platform that will be used is a crucial factor that will also influence the 
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software to be used. The higher the performance of our machine is the better the results 
of our web ser\'er will be. Of course, we have to bear in mind that the crucial factor that 
will affect our decision in choosing the right hardware is the level of our business or 
organization. This means that if our business is relatively small, it would be waste of 
money to purchase ver\' expensive, high-end machines in order to cover a low traffic web 
server needs. 

For the purpose of this thesis, we will experiment with two web serv^ers and install 
one server in a personal computer with a Pentium 200 MMX CPU and 82 MB of RAM 
and a second in a personal computer with a Pentium 233 MMX CPU and 64 MB. The 
operating systems will be Windows 2000 Professional and Windows 95 respectively. In 
the Pentium 200 PC we will install and use the Internet Information Services (IIS) 
version 5.0-web server and in the Pentium 233 PC will utilize Microsoft Personal Web 
Server (PWS) version 4.0. 

2. Network Models 

By-passing the previously mentioned topologies, we will w'ork on a tw'o computer 
L.A.N. Initially Pentium 200 MHZ PC will play the role of a serv'er and the Pentium 233 
PC the role of a client (see Figure 15). Later the roles will be reversed and the Pentium 
233 will play the role of the server and the Pentium 200 PC the role of a client (see 
Figure 16). Both PC’s will form a small peer- to-peer LAN connected by coaxial cable 
usins two Ethernet Cards. 
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Pentium200 as a web server (IIS web Pentium233mhz as a web 

server), sends a web page client, requests a web page 



Figure 15: First Web Server/Client Model 








Coaxial cable 




Pentium200 as a web client requests 
a web page 



Pentium233 as a web server 
(Personal w'eb server), sends 
a W'eb page 



Figure 16: Second Web Server/Client Model 



3. Personal Web Server 
a. Installation 

Personal Web Server is packaged with Microsoft IIS as part of NT 4.0 option 
pack. PWS is characterized as a desktop entry-level web server specifically suited for 
Windows 9x-or NT Workstation operating system users. The necessary softw'are is 74.6 
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MB and can be downloaded at no charge from Microsoft’s web site (see Figure 17). Once 
PWS is installed, it will run automatically each time the computer stans. The only sign 
that shows PWS' activation is a small tray icon that appears at the right side of the 
taskbar (see Figure 18). 
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Figure 17: Setup Page of Personal Web Server 



Personal V-/eb Server is running. 



Figure 18: Icon Activation of PWS 
b. Features 

In addition to web server capabilities. Personal Web Ser\'er kit includes the 

following: 

• Transaction Server 

• Data Access Components 



29 



Message Queue Server Client 



• Easy Administration 

We can run the PWS by accessing the default web page and checking the main 
page of the serx'er. which controls the function of the serv'er. A snapshot with some 
statistics about the log activity (visitors per hour) that pentium233mhz web server had, is 
shown on Figure 19. 



^oocttKs. 









Pubfch 






. our 



Main 

-Pcifchng 

p<i)feiTri5 s ort Ycsu home e 

hf:y 



Stop 



Ock Stop to moke the <emt onyou sie uravaiobfe 



You home drectory 

|T o change pubfehcd dBCctooex dck "AdvofXwT r> the fat on the feJt } 



Momtomc 

Active comecbonr 4 
Stertedet 9:09 AM on 
8/22AX1 
Vbkots: 2 
Reoueste: lU 
Syt« served: 174222 
Most ccncurent coinec t iorg: 4 



View Statistics: 




Hour 






Figure 19: Main Page of Personal Web Server (PWS) Installed in the Pentium233mhz PC 



Another alternative for users running Windows 2000 Professional, is to activate 
Personal Web Manager (PWM) which was the interface of Personal Web server for the 
users of Win 9x or NT Workstation. Personal Web Manager occupies 1.4 Mbytes and is 
one of the nine components of IIS v 5.0 (see Figure 20). Both PWM and IIS can be 
activated and installed following the sequence; Control Panel - Add/Remove Programs- 
Add/Remove Windows Components. 
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Figure 20: Internet Information Services (IIS) Version. 5.0 Components 

The advantages and disadvantages of the Microsoft’s Personal Web Server are 
similar to Personal web serv'er’s and are listed as follows: 
c. Advantages 

(1) Using PWS w^e have the ability to create a welcome page (home 
page). The welcome page is the first page that a user sees when accessing our web site 
and provides navigation (links) to the rest of our site. Nevertheless, in our web site 
development, we used the Microsoft’s Front Page 2000 for designing not only the 
welcome, but the entire set of necessary web pages as well. 

(2) PWS includes a w'izard that walks you through setting up a home 
page and sharing files. Personal Web Serv'er administrator reduces the complexity of 
running a Web server. Using the Personal Web Manager, we can start and stop the serv'er. 
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view statistics using bar charts, and easily share additional directories or the Windows 
Explorer. 

(3) Personal Web Server on Microsoft Windows NT Workstation is also 
ideal for developing Web applications for IIS. Furthermore, PWS on Window's NT 
Workstation includes support for features such as Active Server Pages (.asp), script 
debugging, and the Internet Serv'ice Manager, the comprehensive administration tool for 
IIS integrated into Microsoft Management Console. 

(4) We can also develop transactional Web applications for Microsoft 
Transaction Server (MTS), another part of Windows N*T Server. Personal Web Ser\'er is 
a great platform for testing a site before hosting it on a company’s server, or on an 
Internet service provider (ISP). So, we can test the web links, forms, scripts, and 
applications to be sure they will be displaying and working properly on the web. 
Moreover, we can use Microsoft’s FrontPage to easily copy a w'eb site developed on 
PWS and switch to a higher performance w'eb server such as the IIS. 

d. Limitations 

Because Personal Web Server was not designed to support high volume Web 
sites, it does not include all the features found in Internet Information Server, such as 
Microsoft Site Server Express. Index Server, and Certificate Serv'er. Due to its limited 
capabilities it’s ideal fortesting our web site inside a relatively small Intranet, before we 
publish it to the Internet. PWS traffic capabilities are limited on handling 8-10 clients 
simultaneously. 
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4. Internet Information Serv ice (IIS) 5.0 

a. Installation 

Internet Information Services 5.0 is not installed on Windows 2000 
Professional by default. Before we install it, we have to install the TCP/IP Protocol and 
Connectivity Utilities. For security purposes, Microsoft recommends that all drives used 
with IIS be formatted with NTFS. 

We start the installation by using the Add/Remove Programs application in 
Control Panel and then to choose .Add /remove Windows Components. IIS v5.0 
consists of about 30 MB of files that need approximately 10 minutes to be installed and 
configured. When we upgrade from Windows 95/98 to Windows 2000, IIS 5.0 will be 
installed by default only if PWS was installed on your previous version of Windows. 
Some other improvements are that we don’t have to install service packs and reboot our 
PC once we finish the installation. 

b. Features 

IIS web serv'er is designed for heavy traffic. However, if we know in advance 
the numbers of the expected visitors per day we can tune the server properly (see Figure 
21). If we don’t have this information, the best solution is to install a hit counter in our 
welcome web page and together with the log activity that we have for a certain period in 
our web serv^er we’ll adjust it for the optimal performance. 
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Figure 21: IIS Performance Tuning 



Using IIS. we can watch log activities by hour, day, week or month, and can 
limit the maximum number of connections permitted. We can also set the length of time 
in seconds before the server disconnects an inactive user. This ensures that all 
connections are closed if the HTTP protocol fails to close a connection. Another feature 
is '‘HTTP Keep-Alives” property. If we enable this property, we allow a client to 
maintain on open connection w'ith our serv'er, rather than re-opening the client connection 
with each new request. In case that we decide to disable “Keep-Alives” we may degrade 
our web server performance. 

c. Advantages 

The ns package is designed to cover high web traffic needs that PWS cannot 
meet. Furthermore, IIS provides to the users not only web server services, but some 
additional ones such as File transfer Protocol Services (FTP), Simple Mail Transfer 
Protocol (SMTP) services and New^s Services. The 5.0 version provides the users some 
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extra secunty enhancements such as restricting guest accounts and setting appropriate file 
permissions. 

Moreover, as we already mentioned in Chapter II, IIS supports the Fortezza 
security standard). Transport Layer security. Digest Authentication and Kerberos v 5.0 
authentication protocols used in Windows 2000. Finally, IIS v5.0 features Web based 
Distributed .Authoring and Versioning (WebDAV). which is a standard designed to 
simplify the construction of intranets and give the ability to multiple users to publish 
documents to a common Web server. 

d. Limitations 

Some hardw'are limitations are the high demand of RAM memory (in order to 
work efficiently it needs at least 128 MB and the hardw'are platform must be at least a 
Pentium 200MHZ). In our case, we run the IIS server on a 200 MHZ platform using only 
82 MB of RAM. In addition, the lack of a Unix version, and documentation on the 
newest features is a serious problem. Finally, IIS runs only on Server editions of 
Window's 2000 and the remote Web-based administration still needs to be improved. 

e. Web Server Management 

In addition to managing IIS from its own window, Windows 2000 
Professional gives us the ability to reach and manage IIS from a remote location. From 
Control panel. Administrative Tools we can open a Computer Management window and 
have the ability to control our computer with IIS included (see Figure 22). 




Figure 22; IIS Control from Computer Management of Win2000 



D. NAMING OUR COMPUTER. 

Naming, is giving a name to the computer that will host the web server. After we 
install the web server software in our computer, people can access our w'eb server and 
specifically our site. In some instances providing access to our site requires knowing our 
computer IP address, rather than just the computer’s name. Ever\' computer has a name 
and a unique 12-digit IP address. The default name for a computer is usually "default" 
(unless we change it) and in Window's 2000 Professional it can be seen if w'e click the 
Netw'ork icon in Control Panel and select identification (see Figure 23). In this instance 
the computer name is Pentium200. 
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Figure 23: Identification of a Computer in Windows 2000 Professional 
1. Providing a Web Site Domain Names 

While an IP address is something that we cannot easily remember, its more 
practical to have and use a name that can be memorized. For this purpose, we can utilize 
a domain name that identifies uniquely a computer (or host) that is connected on the 
Internet. The domain name consists of a actual domain and a suffix that is a Top Level 
Domain (TLD) name (e.g in www.mvweb.com , myweb is the actual domain and .com is 
the TLD. More details about TLDs are provided in Appendix E. In order to obtain a 
unique domain name, we must register it with a company that provides such services. 
Among them, are Intemic [Ref. 14], Network solutions , register.com . and NameSecure . 
which with a relatively small amount of money can provide a registered unique domain 
name for a certain period of time. In addition there are some web sites that offer free 
domain names like www.namezero.net . under some restrictions of course. 
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2- IP Addresses of the Two PCs 



Concerning the local IP address assigned to our machines, we chose one of the 
three groups of IP's that are valid for use on a machine connected to a private LAN (that 
won't collide with other machines). So. we used Class C IP addresses (ranging from 
192.168.0.0 to 192.168.255.255). The other two Classes are; Class A (10.0.0.0 to 
10.255.255.255) and Class B (172.16.0.0 to 172.31.255.255). Finally, Pentium200 
machine IP address is 192.168.0.1 and Pentium233 is 192.168.0.2. 

E. CREATING AND MANAGING THE DIRECTORIES OF OUR WEB SITE 

Files and directories (folders) that will be publicized must be organized before we 
install the web server. Our personal web server cannot publish pages that are stored 
outside the specific directories related with our w'eb site. 

1- Physical Directories 

The directory structure that can be seen by using the Windows Explorer is the 
physical directory. In our case, the files (web pages) of our web site are stored in 
C:\Inetpub\wwwroot directory. 

2. Virtual Directories 

Virtual directories are the structure that reflects the web site. This consists a 
hierarchy of virtual directories. There are three main reasons for using the virtual 
directories on web serv'ers; 
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a. Make the URL web pages shoner and easier to remember, because it 
reduces the tv^jing time. In order to do this the web master can assign a virtual directory 
name (or alias) to the specific directory^ For example, instead of tv'ping: 
www.mvnews.com/sports/carraces/formulal/lagunaseca/index.htm We can make the 
UHL shorter using a virtual directory that takes us directly to the web page that we w'ish.: 
www.mvnews.com/Iagunaraces/index.htm 

b. This provides the computer with extra security, because it hides the 
physical directory structure on this hard disk drive, from all the web site visitors. 

c. Finally, it allow's the Webmaster’s w-eb site structure to remain 
independent of the director)' structure on the hard drive. So, he can move files on the disk 
between different physical folders without having to change the structure of the w'eb 
pages. 



3. Publishing a Virtual Directory 

In order to create virtual directories, we use the web server. In addition, we can 
specify the relationships between the virtual directory and the physical directory. For this 
purpose, IIS have has a very handy Wizard which is called Virtual Directory Creation 
wizard (see Figure 24). .A.fter following the directions in this w'izard we end up with the 
creation of a virtual directory. An example is shown on Figure 25. 
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Figure 24: Virtual Directory Creation Wizard in IIS 
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Figure 25: Virtual Directory (HELLENIC_SITE) Created in IIS 



Using PWS we have the same ability. So, if we click the Advanced Options icon 
(see Figure 26). We can create a virtual directory. An example is shown on Figure 27. 
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Fisure 26: Virtual Directorv Handlins in PWS 
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Figure 27; Virtual Directorv CGR Site> Created in PWS 



F. >\TEB BROWSERS 

The web browser in our model plays the role of the client. The necessary feature 
in the selection of a modem w'eb brow'ser is to be Java language capable. Most modem 
web browsers support Java. For LAN environments we have to select the same web 
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browser for al! computers. Doing this, vve reduce the training and support time for the 
users. 

In our implementation, we used both, Netscape and Microsoft Internet Explorer, 
each of which are Java capable browsers. 

G. CONSTRUCTING THE WTB SITE TO BE HOSTED IN THE WTIB 
SERVER 

1. Web Page Authoring Tools/ HTML Editors 

HTML stands for Hypertext Markup Language, which is the source language for 
documents that used as web pages. HTML has the ability to embed commands that 
determine formatting along with the text to be displayed [Ref. 14]. There are two main 
categories of HTML editors. The first category can generate simple and raw HTML 
pages and the second provides a WYSIWYG (What You See Is What You Get) 
environment. The second category is the one that offers all the modem authoring 
features, such as sophisticated menus, automated wizards and macros. The interface of 
WYSIWYG web page tools is usually similar to that of a modem Word Processor and the 
user does not generally need to know how HTML works in order to use it. 

For the purpose of this thesis. I used Microsoft's FrontPage 2000, which is a 
WYSIWYG web-authoring tool that provides a friendly, graphical interface for tasks 
such as inserting tables, graphics, and scripts. 
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2. Front Page Extension Tools 

The Frontpage Server Extensions are a set of three programs that support features 
such as collaborative authoring, hit counters, e-mail form handling, and editing a Web 
site directly on a serv'er computer. FrontPage MMC snap-in is a program that you use to 
administer the FrontPage Server Extensions and FrontPage-extended webs. You can use 
it to extend vinual servers, create sub w^ebs, upgrade the server extensions on a web. 
conven folders into sub webs and vice versa or recalculate hv^perlinks in a web. 

The Microsoft FrontPage MMC snap-in has a complete help system providing 
FrontPage server extensions overviews and descriptions of serv'er extensions 
administrative techniques. [Ref. 15] 



H. \VEB SITE PERFORMANCE 

Some of the main factors affecting web site performance are: 

1. Large Graphics Richness. The more graphics a web page has. the more 
time the web browser needs to download the page. 

2. Sound-Video-Animation Files. The rule of large graphics also applies here. 

3. Network Connection Speed. The faster the network connection is the faster 
the w'eb page will appear on the user’s screen. 

In addition, the user’s hardware configuration, such as processor and RAM, may 
affect the final performance. 
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In our application (the XPS Student Information web site), I used only text with 
feu images. The background was almost white. No animation, video graphics or sound 
files were used. The connection speed was the highest possible, because the two PC's 
were interconnected in a LAN. 



I. W'EB SERVER SECURITY 

The most crucial chapter of the web server construction is the one that refers to 
security measures. No matter where we decide to place our web server, some security 
measures must be taken in order to avoid futures catastrophes. The security policy must 
cover not only outside "enemies" but "insiders” as well. Security mechanisms that 
protect the valuable data from outside intruders are called firewalls. A firewall is a 
combination of hardware and software, which sits between an Internal network and the 
Internet. Its primary objective is to limit the access in and out of our netw'ork, based upon 
an established security policy. Firewalls can also be used to reduce the outgoing traffic of 
our netw'ork by restricting users access to the Internet. The most common categories of 
firewall filtering mechanism are the following [Ref 16]: 

• Proxy Serwers. 

• Packet Filters 

• Application Gateways 

• Circuit-Level Gateways 

• Stateful Inspection 

The above firewalls use different filtering techniques in order to achieve similar 
goals: the elimination of possible attacks. There are also firew'alls that use combination of 
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these techniques, which can improve the security leve!. "Firewall scanners” are tools that 
allow you to check your corporate network and detect potential security holes in both the 
application and the operating system levels. Some of the most well-known firewall 
vendors are TIS Gauntlet . BorderWare . Raotor . CvberGuard and IBM SecureWav . 

J. INSTALLING A PROXY SERVER 

In order to implement the dual web server evaluation test while we use one 
Internet connection and two PCs. we had to install a program called proxy server. A 
Proxy server is a program that allows any machine on our local network to route its 
requests through a central machine that act as a gateway to the Internet. In addition, it 
offers some security (firewall) that protects the computers on the LAN from outside 
attacks. In our implementation, we chose to install a proxy server program in the 
Pentium200 PC in order to share the same Internet connection with the LAN. Thus, using 
only one connection to the Internet with one modem in the Pentium200 PC wt enable 
Internet access for the Penlium233 PC and protection of this PC as well. 

We downloaded AnalogX Proxy v 5.0 from its web site [Ref. 10]. Its file size is 
very small (just ISS.lKbytes). In order to install this proxy server, we run the 
downloaded file on the machine with the Internet connection and configure the other 
machine to use a proxy. The procedures of install and configure take only few minutes 
(see Figure 28). 



45 




Figure 28: Configuring the AnalogX Proxy Serv'er 
AnalogX Protocols 



AnalogX supports the following protocols: 

• HTTP (for web browsers-port # 6588), 

• HTTPS (for secure web browsers-port # 6588), 

• POPS (for receiving mail, pon #1 10). 

• SMTP (for sending mail, pon # 25) NNTP (usenet newsgroups, port#l 19), 

• FTP (file transferring, port# 21), 

• SOCKS4 (TCP proxying, port # 1080), 

• SOCKS4a (TCP prox>ing with DKS lookups, pon # 1080) 

• And partially (does not support UDP) Socks5, port # 1080) 

Moreover, AnalogX works with many web browsers like Internet Explorer, 

Netscape, AOL. AOL Instant Messenger or Microsoft Messenger. We can see if it is 
running by a round shaped red or green icon that appears at the lower right part of the 
screen on the toolbar (see Figure 29). 
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Figure 29: Indicator Icon of AnalogX Proxy Server 
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V. 



POST-IMPLEMENTATION REQUIREMENTS 



Creating the web server and its necessarv' components is not the difficult part of 
the job. The remaining job, which is the management and the maintenance, is the most 
difficult and simultaneously most critical. The role of a web manager proved to be very 
important and decisive for the viability of the web site. So, he or she must be properly 
qualified in order to carry out his or her mission successfully. Required skills include 
knowledge of management, statistical analysis, business, computers science and 
experience in project management and the Internet. 

Additional responsibilities include defining server standards, monitoring users, 
training others in web document design, policy formation and enforcement, and data 
owner support services. Successful web masters will bring a mix of skills and talents 
appropriate to the needs of the organization in building effective web systems [Ref21]. 
Below are listed some of the duties are usually assigned to a web manager [Ref 22]: 

■ Hosting account administration 

■ Disk space monitoring and management 

■ CPU resource monitoring 

■ Web application performance monitoring 

■ Review' of Web site access statistics 

■ Installing softw'are upgrades 

■ Domain name and digital server certificate status monitoring 

■ Safekeeping of digital certificates and private keys 
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■ Downloading and archiving log files 

■ Policing of data files, permission settings, and logs 

■ Periodic testing and preventive maintenance of security features 

■ Database performance monitoring 

■ Data archiving 

After installation of the web server and the development of the web site, crucial 
questions, concerning the administration of our web site, will arise. Some of them are 
listed below; 

A. HOW NLANY WEB SITES WILL BE HOSTED ON THIS SERVER? 

If we host only one site on our web server, it's no problem to monitor or maintain 
it. Putting more than one web site on a web server requires shared hosting. So, in a single 
w'eb server computer it is possible to host dozens or even hundreds of independent web 
sites. In this case, we must assign the duty of their maintenance to more than one person 
since it’s impossible for a single person to keep track of many w'eb sites. 

B. WHO WILL BE THE WEB ADMINISTRATOR. THE WTIB MASTER 
AND THE ACCOL^T MANAGER? 

This will depend upon the range of the Web server. In a high-end web server with 
a high volume of w'eb traffic, we need highly experienced persons for each of these 
duties. Of course the more complex the system the more people will be needed for the 



48 



above positions. Below is a description of each duty and the qualifications that the 
assigned person should have. 

1. Web Administrator 

This is the person that usually controls everything that is involved in the web jobs 
of an organization or a business. In large enterprises this may be the Chief Information 
Officer (CIO) of the company. He or she must be a highly experienced person specialized 
in Information Technology (IT) management. 

2. Account manager 

This person controls the people who are eligible to have access to the web serv'er 
files. An experienced and professional technician, specialized in computers can do this 
job. 

3. Web master. 

The web master is the person who accepts the feedback of all the users of the web 
site and evaluates which updates or improvements should be done in the web site. This is 
a job for a computer programmer, who knows html, web site development tools and 
Internet networking generally. 

C. WEB ADMINISTRATOR. RULES TO REMEMBER 

Below are listed some rules and tips that a web administrator should bear in mind 
in order to improve the quality of a web site [Ref 21]; 

1. Knowledge of our Clients 

The first precept of building any information system is to know our clientele and 
their information needs. The knowledge of these needs aids us in the improvement of our 
services. 
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2. Boosting the Data Owners 

Those who have responsibility for the content being served on our web server are 
the "owners" of the information and therefore should be involved in how it is presented. 
This involvement could be as trivial as advising the person who marks it up in HTML or 
as substantive as doing it themselves. Those falling into the latter categorv' should be 
supported in several ways such as: 

a. Personnel Training 

Training is crucial in the IT business. Everybody who deals with computers 
needs to be up-to-date in order to take advantage of new technologies and make best use 
of them. Since, no one is bom knowing HTML, markup training is certainly a beginning 
requirement. But beyond that our data owners may require training in using FTP. format 
conversion (e.g., Adobe .Acrobat files (.pdf), word processing to HTML conversion 
utilities), image acquisition and handling hardware (e.g.. scanners, digital cameras) and 
respective softw'are (e.g., Corel Draw), Internet searching techniques (e.g., search 
engines), and effective use of web browsers. 

b. Providing Templates 

Providing basic HTML templates for common structure types of web pages is 
a very helpful way to save time creating new files. The simplest way to do this is to write 
an HTML "shell" that data owners can fill in with their ow'n information. For some types 
of files that do not require sophisticated markup we may want to write a small program 
(i.e. script) that will create a web document with the appropriate basic markup for our 
server simply by filling in a few blanks on a form. This method can be particularly 
important to allows those who do not have the time or capacity to leam HTML to 
contribute information to our web server. 
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c. Sharing Information 

Chances are we do more HTML as a web manager than anyone else in our 
organization. Therefore we have likely learned a few things along the way. Share those 
tips and tricks with our data owners. Another idea is to create a mailing list of our data 
owners so that sharing information with them as a group could be an easy job. 

d. Providing Assistance 

Although we mav not have the time to hold evervone s hand, sometimes there 
is simply no substitute for sitting down with someone and showing him or her how to do 
something or even doing it for them while they are there to tell us how they want it. 

3. Formulation of Policies 

Sooner or later we will need to write policies that govern appropriate uses of our 
web server. With a written policy that has been reviewed by appropriate groups within 
your organization, we will be authorized to refuse requests that fall outside of this policy. 

4. Enforcement of Standards 

Maintaining a web server without setting and enforcing some standards could lead 
to disaster. If we allow our data owners to do anything thev like thev often will, and this 
will lead to "‘web disorder”. We must determine the essential limits on creativity to 
protect usability and user friendliness and stick to them. On the other hand, we must be 
careful not to set limits when none need exist. So. a good policy is to reevaluate our 
standards periodically. If they are too strict, we should loosen them up. If we are facing 
problems where no standards exist or where they are too loose, then it’s lime to be more 
strict. 
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5. Encouragement of Creativity 

Within the framework provided to the data owners, we can promote and 
encourage the creativity. The issue is to keep a reasonable balance. One way in w'hich 
this can be done is to specify the presence of some simple graphic element or text that 
will place the page in context (such as a button bar that identifies the institution) and 
leave the rest to be filled in by the data owner. In addition, w'hen we encourage creativity 
it is possible that those who are the most creative set examples that inspire and challenge 
the others. Applying this method can be a much more effective motivation than 
mandating participation. 

6. User Monitoring 

It is usual for the majority of web servers to keep statistics on client requests. 
Logs include data that specifies the tv'pe of client software used, the kinds of errors they 
are experiencing, and what pages they are looking at. All of these logs are typically 
available in a specific directory'. 

7. Studying the Competition 

A good web manager should be on the web as much as possible every day. The 
purpose is to see what others are doing and how they are doing it, and to get new’ graphic 
design ideas. Doing so, we can decide what we don't like by seeing the mistakes of 
others. 
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8. Checking the Links 

A common problem that all web managers face, is keeping the links on their 
server updated. Documents are moved every day, thereby making links that lead users 
nowhere. It is the responsibility of the web managers to help his data owners identify 
these links so they can be fixed. 



9. Striving for the Best 

No matter how good we are doing as web managers, there is always room for 
improvement. Below are some ways that we can be sure we are doing as well as possible, 
since they tend to be things that are overlooked by many web managers; 
a. Error Message Replacement page 

Most web server error messages are cryptic at best and user hostile at worst. 
The default ''file not found" error message is a nice example (see Figure 30). 




Figure 30: Default Screen for a "404 Not Found" error 
This error message tells the user nothing about finding the page they are looking 
for. Using the built-in ability of most web servers, we can replace the standard error 
messages with something that is more useful and descriptive (see Figure 31). 



53 



f Not Foimd Error (Ot SonSTE) 



ES 



I lOiC^Wt>. ►ftp Z/ft/^lV •Ow/tn.T 

»>>'»» V ?*»v? ; V^v^T-fCoaT? Kiodboo«: iWt fWtDv>c<»r<; , Softer «r» 






^ T ' Collections Catalogs Tools Info R&D Hdp/Scacch t 
^ Digital. • - 

library 

StinSlTE 



Document Not Found Error 

The file you vunt vos sot located Please try one of the follovin^ strate^es to find 



• ; S«£X?i Cif smisrrs ] ^ L^art 10 S> nSf 3 . 



• Oosblr-check 'Sir asldifir «ie::ri ta b ci^rrt — aia?* *sot local' <1103 cor* lion 

ir^'Tsc3CS?^a Cl C* £> »i<ls‘SJ 

• Ciop 3ir ev>!:3rcj:;:^ 5^; c* Icc* s^xs^i (!j 3 ?* v?J. Occaaoa adlojoi) srd 07 «iauo. 

• SeaC cn«: » Car 2uoCi’T2 fvcw: Mtrajr;, urJataa; Car URL (locnscnt oCdrrss) C»i job wc4 

Thank 70a for your patience * 

* Cojj'CcLiO iv^L'C A'r-j-t-a 

OoexsT-f-nt nftascarS a: ’iLnpKT^xx:r» by&gV y r4ri'etn?xa'aoC3tai. Incil by Cv» SuaCTTS Xsoajn 
LarrcpCdir 3.'LS.*?C SixSTTE M.’ta.ncfr 

jrNj^' wv>r*o 6»rfc»W j»Cu 



^1 



Figure 31: Screen of a replacement error message for a "404 Not Found" error [Ref.21]. 



b. Referrals 

One of the most direct ways to prevent users from losing our information 
when we move some pages is to create a new page pointing to the new location. On such 
a page we will tvpically request that the user update any bookmarks or links that they 
have to the old location (see Figure 32). 
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Figure 32. Screen of a Referral to a New Web Address [Ref.21]. 
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c. Redirecting a Web Page Address 

Redirection is the procedure whereby we can specify the new location of a 
document behind the scenes. Then, w'hen a user requests the document at the old location 
they are automatically redirected to the new location. Doing this we avoid the appearance 
of "404 File Not Found" error message as w'ell as the need to put up an explicit referral. 

10. Question Everything 

It is all too easy to assume that our first decisions on the design of our server are 
the best. So, we should periodically question all of our decisions and search if there is a 
better w’ay to organize our information or design a particular page. We also have to ask 
for critical evaluations from our users and other staff in our organization. 

Finally, we have to look critically at each web page for accuracy, usability, good 
visual design, and proper display in different browsers. 

D. MAINTENANCE 

1. Backup 

A frequent backup and an installed UPS can provide us with a high level of 
assurance against any accidental loss of data. 

2. T roubleshooting 

A FAQ can be installed and utilized each time someone needs assistance 
resolving possible problems that may occur. 
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E. 



WEB SITE ADMINISTRATIVE TOOLS 



Large scale or mission-critical websites usually require some automated tools to 
optimize performance and provide effective management. These tools are software 
programs that can help us to manage and maintain a web site. There are four main 
categories of web management tools [Ref.23j: 

1. Web Site Change and Configuration Management Tools. 

2. Web Site Integrity and Accuracy Tools. 

3. Tools that Gather Analyze the Traffic and Usage Patterns. 

4. Tools that Help Examine and Manage Web Site Content. 

F. AN EXAMPLE OF WTIB SITE CHLANGE MANAGEMENT PROGRAM 

[Ref.24] 

1. Description 

Stage2Live is a web site change management program. It assists with incremental 
site updates by copying and recording files that have changed on our web servers. A site 
rebuild feature lets us restore our web site to any earlier version that was placed into the 
library. A complete Version 3.2 can be downloaded for free from the Internet. 

All monitored files are synchronized into a system library, where we can later 
examine and/or restore multiple revisions of the same file. This is an excellent method for 
keeping a historical reference of our web site. 

Stage2Live can be used to create an automated one-to-many or many-to-many site 
release strategy for html, asp, text, graphic, and other web files. The program also 
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supports FTP uploads to your destination sites. Restore previous versions of the files on 
our web site. 



2. Prerequisites 

In order to run Stage2Live with Windows 9x/NT/2000, we must have Microsoft 
Access 97 or 2000 installed in our computer. 

Below are some snapshots of the Stage2Live program (see Figures 33-34). 



Figure 33: Main Page of Stage2Live Program 
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Figure 34: Log History of our Web Site using Stage2Live Program 
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Figure 35. Web Pages or Files that Added. Changed Or Deleted Using Stage2Live 

Program 

G. FINALS NOTES ABOUT WEB MANAGEMENT 

A good manager must always be proactive and prevent problems before they 
arise. This is the best policy to implement in order for an organization or a business to run 
effectively. 
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VI. CONCLUSIONS ANT) RECOMENDATIONS 



A. CONCLUSIONS 

1- Topology 

In chapter IV, we noticed that each LAN configuration has cons and pros. If we 
want functionality and simplicity, we should place our web server out side of a LAN or a 
firewall. In the case that our server provides confidential or restricted information and we 
need increased security, we have to be oriented to the firewall and proxy solutions. 

2. Security Issues 

The Internet has never been a secure place nor will it be in the near future. 
Problems with possible hackers will continue to exist and as people become more 
educated especially in the technical fields the number of “intruders” will continue to rise. 
The remedy for this situation is to design more secure systems that will prevent possible 
attacks. In addition, web server administrators have to check and to restrict the 
publication of any kind of information such as names, addresses, phone numbers, credit 
card and social security numbers of individuals that will be utilized by possible hackers 
for frauds or any other criminal actions. 

Finally, because a system will never become 100% secure, we must be sure when 
we are requested to send any sensitive information via the Internet. For this reason, the 
Security Information alert window can provide a warning message, if we requested a 
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secure document or if we are going to submit any kind of information via our web 
browser (See figures 36 and 37). 
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Figure 36: Security Information Alert Window for Secure Documents 
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Figure 37: Security Information Alert Window about Insecure Site 
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The use of a proxy server proved very valuable, because it can filter whatever we 
chose to prohibit from our computer. Moreover, it was ver\' easy to use and didn’t 
consume a lot of resources. 

3. Personal Web Serv er 

PWS proved to be a very handy and useful w'eb server. Regardless of its limited 
capacity. PWS has handling capabilities that some of the high-end counterparts have. 
Using the main menu you can monitor many activities such as the number of active 
connections, the visitors, the requests and the even the number of bytes served. You can 
also view some statistics in a graphical mode (bar charts) such as the requests per day or 
per hour, or the visitors per day or per hour. 

4. Internet Information Services Web Server 

Using IIS under Windows 2000 Professional, and utilizing ASP technology, 
increased security is possible, because Window's 2000 authentication can be used. With 
only 82 MB R.AM, instead of the best-suggested 128 MB, we encountered no problems, 
probably because the web traffic w'as just one client (the Pentium 233 PC). How'ever, w'e 
cannot estimate the efficiency of our web server in a high traffic situation, since it w'asn't 
possible to check it in such conditions. In addition, the operation of IIS compared with 
PWS is more complex, because of its additional capabilities and it should be administered 
by an expert. 
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5. Access Control 



One of the problems that we faced during the implementation phase was the 
configuration of the Ethernet cards that this small LAN used. In order to make them 
work, we decided to swap the two cards and install the necessary' drivers from the start. 
.Another issue was the increased security that Window's 2000 Professional provides 
(comparing with the Win95.) So, every time that we tried to connect the Win95 PC with 
the Win2000 PC. we were asked for a valid password (See Figure 38). 




Enlei username for 1 921 68.0.1 at 1 921 68.0.1 : 



User Name; 
Password [ 



OK 



Cancel 



Figure 38; Username and Password Check for a LAN 

While logged in Win95 PC (in our case in Pentium233hmz PC) as a '‘userX'^ 
using as a password “passwordY”, in order to be connected to the Win2000 PC (in our 
case Pentium200 PC), userX must have an established account on the Windows 2000 
server. We overcame this obstacle by opening a new account in Win2000 PC that was 
identical to the Win95 PC one. 



6. Web Site Performance 

When the client requested web pages from the web server, the server responded 
instantly. .And that’s because the connection speed between the two PC’s was the highest 
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possible due to the fact that the two PC’s were interconnected in a LAN and there was no 
other network traffic to interfere. 



Both Netscape and Microsoft Internet Explorer proved to be ver\’ efficient as web 
clients. Netscape has proved more practical especially concerning the issue of handling 
the e-mailing, because a separate program is not required to see your e-mail, like 
Microsoft Outlook. 

The use of Microsoft FrontPage 2000 as a web site development tool was proved 
very efficient and easy to use. It is a very capable tool for the novice and intermediate 
level web developers. Restricting the use of graphics proved to be very efficient in 
reducing the downloading time. 

7. Web Site Security 
a. In Web Server 

Since w'e experimented with unclassified subjects, we w^ere not obliged to use 
any kind of security measures, such as encryption or security certificate) in order to 
protect our web site. But for practice purposes we activated SSL, which can give us a 
kind of security, provided that we activated SSL feature also in FrontPage, in the Web 
browsers, and web servers (See Figure 39). 
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Figure 39: SSL Setting In IIS Web Serv^er 
b. Frontpage 2000 

Frontpage provides administrative tools that let us set permissions and limit 
access to our web site. FrontPage security is based on the security mechanism used by the 
Web server and its operating system. In FrontPage we can specify the type of access that 
each user has. Users can have one of the following t>p>es of permission [Ref. 19]: 

• Browse — the user can browse the files in the web. 

• .4uthor — the user can brow'se and change the files in a web. 

• Administer — the user can browse and change the files in the web, 
and can also administer the web by adding and removing users. On 
systems running US, FrontPage grants administrator access by default 
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to all members of the Windows NT Administrators group and the 
system account. 

c. Web Browsers 



From the web browser point of view specifically IE 5.0 provides us with two 
different types of security certificates [Ref.20]; 

(1) A ''personal certificate" is a kind of guarantee that you are who 
you say you are. This information is used when you send personal information over the 
Internet to a Web site that requires a certificate verifying your identity. 

(2) A "Web site certificate" states that a specific Web site is secure 
and genuine. It ensures that no other Web site can assume the identity of the original 
secure site. 



Netscape 4.77 provides various types of security settings two different types of 
certificates, from the most simple to the most advanced SSL v3 (See Figure 40). 



r 



^ConfigareCiphen 









^ Configure Ciphers 

Select ciphers to enable for SSL v3 

• ^ RC4 encryption with a key and an MD5 MAC 

fl- 1401 connptiant tnple D£S encryption and SHA-i MAC 

• E. Triple D£S encryption with a 258-bit key and a SHA-i MAC 

• P FIPS 140-1 compliant DES encryption and SHA-1 MAC 

• DES encryption with a SS-’bit key and a SHA-1 MAC 

• 5 encryption with a S6-bit key ar>d a SHA-1 MAC 

• 5. encryption in C&C tnode with a 55-bit key and a SHA-1 MAC 

• E ©ncryptwn with a 40-bit key and an M05 MAC 

• ^ RC2 ancryptk>n with a 40-bit key arwi an MAC 

• C. encryption with an MDS MAC 



OK. j Casicci [ 



Figure 40; Encryption Setting In Netscape Navigator v4.77 
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The Internet is a place that everyone can do almost what ever he or she wishes. 

The possibility of "cyber anarchy" with no restrictions at all is ver\' high. The positive of 
this situation is that knowledge and information is freely distributed all over the world 
and the Internet is a rapidly evolving entity. Every day a lot of web business companies 
offer free Internet connection, free web space to host your web site and even DNS. 
Offering these free services, the companies advertise their products, and utilize your mail 
or e-mail address in order to promote their products. This situation gives e-commerce a 
tremendous boost and the traditional way of buving things tends to be changed in the near 
future. The negative side of this story is that crime is also distributed freely via the 
Internet and it is very difficult to stop. 

Web server technology helps the situation. Big corporations with high web traffic 
can use high-end hardware and high-end web serv^ers and improve their business. Small 
web serv'ers running on popular operating systems installed on affordable hardware 
platforms are designed in such way that almost everybody can utilize them. In 
conclusion, almost everybody can obtain and run a web server and publicize his or her 
web site to the Internet. 

B. RECOMMENDATIONS 

For the small businesses with low traffic or for home web serv'ers, Microsoft’s 
Personal w-eb server proved very efficient. Since, PWS has limited capabilities it’s ideal 
for testing our web site inside a relatively small Intranet, before we publish our pages on 
the Internet. 
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By monitoring traffic on our web sites using the log capabilities, we can see if the 
traffic is getting higher. This may give us an indication that we need a software upgrade, 
or both in order to effectively handle the increased traffic. 

If we stay in Windows OS and especially Win NT or Win2000, one of the best 
solutions would be Internet Information Services v5.0, which is the second most popular 
web server in the world market following Apache server (see Appendix F for more 
details). In addition, there are other editions of Win2000, like Windows2000 Server or 
Advanced Server that cover the needs of very large enterprises, but is relatively 
expensive. 

If the operating system does not meet our needs and we intend to switch to UNTX- 
LINUX like machines, we have to consider seriously using the most popular freeware 
web server, which is the Apache server. Of course in this case, we have to take under 
consideration the acquisition cost of the necessary hardware that may be higher than the 
PC/NT platforms. 

Software scientists are continuously working to construct web servers that will 
run faster, provide higher security, have a better interface and will be easy to handle. 
Nowadays there is tendency to the freeware and this is one of the reasons that has made 
the Apache web server so popular (it currently claims the 60% of the installed web 
serv’ers worldwide). If this trend persists, in few years we may see that the majority of the 
servers (web servers included) in use are based on open source software. 
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Both Internet Explorer 5.0 and Netscape Communicator 4.77 proved very efficient 
web brow'sers. So. ultimately the decision boils down to personal choice. Concerning the 
web site development tool, FrontPage 2000 proved a very handy program with many 
capabilities for novice and intermediate developers. Finally, I think that the combination 
of the IIS as a webs server, FrontPage as the developer tool and the EE 5.0 as a web 
browser could be one of the best choices that someone could have in order to set up, 
operate and maintain a professional looking w'eb site. 
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APPENDIX A 



Naval Postgraduate School Campus Web Servers in Operation 



(htiT)://adDsec.nps.navv.mi]/webservers.htm ) 



S/N 


Server Name 


VL.AN Support 


Platform/OS 

! 


Web Server 


[ 

1 


web.nps.navy.mil 


Extranet/05 


Sun/Solaris j 


1 Apache 

i 


2 


hopper.nps.navy.mil 


Extranet/05 


Sun/Solaris 

1 


i Apache 

1 


3 


itwarrior.nps.navy.mil 


Extranet/05 


PC/NT 


IIS 

j 


4 


bulkhead.nps.navy.mil 


Extranet/05 


PC/NT 


|IIS ' 


5 


wildcat.nps.navy.mil 


Extranet/05 


PC/XT 


:ns 


6 


spitfire.nps.navy.mil 


Extranet/ 10 


PC/XT 

1 


us 


7 


data.lib.nps.navy.mil 


Extranet/ 13 


PC/XT 


^ IIS 

i 1 


8 i 


marines.nps.navy.mil 


Extranet/37 


PC/XT 


IIS : 

i 1 


9 1 


1 research.nps.navy.mil 


Extranet/AA 


, X/A 


X/A 1 

j 


10 ; 

j : 


aa.nps.navy.mil ' 

i 


Extranet/AA 


N/A 


X/A 


1 


luqipc.cs.nps.navy.mil ^ 


Extranet/CS 


j PC/Win95 

1 


Ms PWS 

1 


1 12 

! 

i 


caps.nps.navy.mil 


Extranet/CS 


Sun/SunOS 


Xetscape | 

1 


j 12 


i cisr.nps.navv.mil 

1 


Extranet/CS 


i SGI/ERIX 


Xetscape 


: 14 

1 


1 interact.nps.navy.mil 


Extranet/CS 


‘ SGI/IRIX 

1 


Xetscape 


15 


I moves.nps.navy.mil 


Extranet/CS 


SGI/IRIX 

1 


Xetscape 

i 


16 


1 npsnet.nps.navy.mil 


Extranet/CS 


SGI/IRIX 


Xetscape j 


! 17 

1 

1 


1 cs.nps.navy.mil 


Extranet/CS 


Sun/SunOS 


Xetscape 


18 


iscas.nps.navy.mil 


Extranet/EC 


j PC/XT 

1 


Ms PWS 


19 


fear.nps.navy.mil 


1 Extranet/EC 


1 SGI/IRIX 


Xetscape 
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S/N Server Name VLAN Support Platform/OS 


1 Web Server ! 

i 


20 pc427b3.ece.nps.navy.mil ■ Exiranet/EC ! PC/NT ■ Netscape j 

^ 1 


21 oapiweb01.nps.navy.mil Extranet/OI PC/NT 


IIS j 


22 OAPPVEBDl Extranet/OI PC/NT 


! IIS 


23 Oapiwebdl.nps.navy.mil Extranet/OI PC/NT 


I IIS 


24 


Ideatest.nps.navy.mil Extranet/OI PC/NT 

131.120..70.121 


: ns i 

1 t 


25 


Ideatest.nps.navy.mil Extranet/OI 

131.120..70.I22 


PC/NT 


i ns 1 

1 1 

i 


26 jvle.nps.navy.mil Extranet/OI 


PC/NT 


1 ns j 


27 diana.or.nps.navy.mil 


Extranet/OR 


Linux 


Apache j 

1 


28 spica.or.nps.navy.mil | 


Extranet/OR 


MAC/MacOS 


1 Apache j 

I 


1 29 magog.sm.nps.navy.mil 

1 


Extranet/S M 


i PC/NT 


IIS 1 


30 


wings.sm.nps.navy.mil 


Extranet/SM 


: PC/NT 1 Apache 

i i 


31 


satcom.sp.nps.navy.mil i 


Extranet/S P 


PC/Linux 1 Apache 


32 


gs-control.sp.nps.navy.mil 


Extranet/SP 


PC/Linux 1 Apache 

1 


i 33 

j 


sp.nps.navy.mil | 


Extranet/S P 


PC/Linux 1 


1 Apache 


; 34 


devo.stl.nps.navy.mil 


Extranet/STL 


SGl/IRIX 


Apache 


35 


: compaq204.trac.nps.navy. 

' 

mil 


Extranet/TRAC j 


PC/NT 


IIS 


|36 


1 dellsvr.trac.nps.navy.mil 

1 


j Extranet/Trac 


, PC/NT 


Apache 


37 


1 met.nps.navy.mil 


Intranet/MR 1 SGI/IRIX 

1 


Apache 


38 


1 ptsur.nps.navy.mil 


Unknown I SGI/IRIX 

1 1 


Apache 
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39 

i 


usw.nps.navy.mil 

i 


Unknown 

1 


SGI/IRIX 


Apache j 


,40. 


' Metricssrv.nps.navy.mil 


1 DNA 


PC/XT 


IIS 

i 

1 
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APPENDIX B 



Web Server Baseline Assessment 

The following data was collected from a survey of operational web serv'ers at the 
Naval Postgraduate School: 

A. GENERAL INFORMATION 

1. NTS has 40 web servers installed. 45 % of them use Win NT, 22.5% use 
SGI/IRIX and 7.5 % PC/LENUX. The rest use Sun/Solaris, Sun/Sun OS, Linux, 
MacAlacOS, PCAVin 95 and 3 of 40 provided no data. 

2. A break down of web serv'ers shows 35% use Microsoft IIS web server, 
32.5% use open source Apache web server, 20% Netscape, 5% use MS PWS and 7.5 
provided no data. 

B. WEB SERVER AVAILABLE SOFTW ARE 

1. Apache web server (for Sun-Linux -IRIX platforms mainly). 

2. Windows ns (for NT/PC). 

3. Netscape web server (for SGI/IRIX mainly). 

C. HARDWARE PLATFORMS 

1. Unix/SLTs' like platform. 

2. PC like platform. 

3. Macintosh platform. 
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D. SECURITY CONCERNS 

1. Proxy servers. 

2. Gateways (Bastion). 

3. Windows XT security features. 

4. Routers. 

E. WEB SITE DEVELOPMENT SOFTWARE TOOLS AVAILABLE 

1 . Microsoft Front Page for W'indows. 

2. Netscape Composer. 

3. .Adobe Pagemil (old version). 

4. HoTMetal. 

5. Macromedia Dreamweaver. 

6. Net objects Fusion version 4.0 or 5.0 and Team Fusion Client 2000. 

F. PROTOCOLS USED 

1. HTTP. 

2. FTP. 

3. TCP/IP. 

G. CONCLUSION 

I think that a PC/NT platform and Microsoft IIS as web server SAV would be the 
best solution, because it is more user-friendly and NPS is already licensed to use it. 
Furthermore it is easier to maintain. Microsoft Personal Web Server that runs on 
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Windows 9x or 2000 Professional edition would also be good choice. For web page 
construction Microsoft FrontPage 2000 would be a good choice, because it is more user 
friendly and has more capabilities compared with other editors. 
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APPENDIX C 



Suggested Configuration (Optima!) for a Web Server that Uses PCAVindows 

9X-NT-2000 Platform. 

I consider that the following requirements would be the most appropriate to 
implement a suitable web server; 

A. PHYSICAL WEB SERVER REQUIREMENTS 

1. Type of ser\^er: PC -based 

2. Server station internal architectural characteristics 

a. Motherboard; Any motherboard that supports Intel Pentium II or III CPU 

b. Microprocessor; Pentium II or III /450 - 700 MHz 

c. RAM; At least 128 MB SDRAM DIMM/PC 100 MHz expandable at 
least up to 256 MB. 

d. Ports; At least 1 serial, 1 parallel free port. 

3. Number of expansion slots: At least 4 empty PCI expansion slots. 

4. T\p>e of Network Interface Card (NIC): 10 Base T /lOO Mbps Ethernet. 

5. Permanent Storage Devices: Hard disk drive at least 12 GB Ultra DMA at 
5400 RPM or higher. 

6. Removable Storage media: FDD, Zip drive at least 100 MB, CD-ROM device 
at least 40 X speed. 

7. Backup Unit: Tape streamer or CD-RW unit. 

S. Video Graphics card; S-VGA with at least 4MB memory. 

9. Case; ATX case with at least 6 bays and power supply > 200 Watts. 

10. Monitor; At least 15" color monitor with dot pitch at most .27mm and at least 
1024 X 768 pixels maximum resolution. 

1 1 . UPS: any system that supports at least 600 KVA power devices 
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B. 



NETWORK REQUIREMENTS 



Since, it will be installed in a Personal computer that is a stand alone one, no 
firewall required, in addition, there is no need for transaction or message servers. Of 
course there are other alternatives for the web server connectivity that could be 
considered, with respective pros and cons. 

C. Communication Protocol Requirements 

TCP/IP 

D. Software requirements 

1. Windows Personal Web Server or Windows NT/IIS 

2. Microsoft Front Page 2000 or Net Objects Fusion 5.0 

3. Windows 2000 Professional would be the optimal solution with Windows 9x 
or NT (in the case that we will implement the IIS web server) 
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APPENDIX D 



Main Pages of the NPS Student Information Center Web Site 
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Figure 41: Main Welcome Page of the NPS Student Information Center Web Site 
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Figure 42; English Main Page of the NTS Student Information Center Web Site 
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Figure 43: Greek Main Page of the NTS Student Information Center Web Site 



80 





APPENDIX E 





List of Generic Top level Domains (gTLD) 


.com 


For commercial business 


•gov 


For government organizations 


.mil 


For military' organizations 


.edu 


For educational institutions 


•org 


For non-profit organisations 


.arts 


For arts or culture -oriented organizations 


.info 


For information services 


.net 


For computer networks 


.nom 


For individuals 


.store 


For online merchants 


.rec 


For recreation or entertainment resource 


.web 


For web-oriented organizations 



The first five TLD that listed above, established and used , while the rest remain 
inactive. There are also other TLDs that identify each different country that the web site 
belongs, like .uk for United Kingdom, ,gr for Greece or .de for Germany. In addition, 
there are combinations like .uk.com. 

The responsible organization for defining TLDs is ICANN (Internet Corporation 
for Assigned Names and Numbers). ICANN is a non-profit corporation that was formed 
to oversee IP address space allocation, protocol parameter assignment, domain name 
system management, and root server system management functions previously performed 
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under U.S. Government contract bv lANA and other entities. The last meeting of 
ICANN was held in 16 July 2000 in Yokohama-Japan. In 1 November 2000, the ICANTs 
will announce their decision about the new' top-level domains. [Ref.l ij 
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APPENDIX F 



Netcraft Web Server Survey 



The latest Netcraft Web Server Sur\'ey was held in the July 2000 and received 
responses from 18,169,498 sites. The following graphs depict the market share of various 
w'eb serv'ers. [Ref. IS] 




8B Apache: 62.53% 

EM Hicrosoft-IIS: 20.36% 

■I Other: 8.65% 

Netscape-Enterprise: 6*74% 
Rapidsite: 1^72% 



Figure 44: Web Server Count by Sites 
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Figure 45: Web server Count by Active Sites 
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Figure 46: Market Share for Top Servers Across All Domains August 1995 - July 2000 
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GLOSSARY OF TERMS AND ACRONYMS 



AD.MD: 


•Administration Management Domain 


CCITT: 


Consultative Committee for International Telegraphy and Telephony 


DSL: 


Digital Subscriber Line 


FAQ: 


Frequently Asked Questions 


FTP: 


File Transfer Protocol 


GIF: 


Graphics Interchange Format 


HTML: 


Hypertext Mark-up Language 


HTTP: 


Hypertext Transfer Protocol 


HTTPS: 


Hypertext Transfer Protocol Secure 


IE 5.0: 


Internet Explorer version 5.0 


IIS: 


Internet Information Services 


ISP: 


Internet Serv'ice Provider 


IT: 


Information Technology 


JPEG: 


Joint Photographic Experts Group 


MHS: 


Message Handling System 


NTFS: 


Network File System 


N^P: 


News Network Transfer Protocol 


PWS: 


Personal Web Server 


PNG: 


Portable Network Graphics. A recently invented graphics format that can be 



10 to 30% more compressed than in a GIF format. 
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SSL: Secure Socket Layer is a protocol, which is used to transmit encr\pted data 

between a client and a serv'er. 

TCP/IP: Transaction Control Protocol/Intemet Protocol 

UDP: User Datagram Protocol, which is the TCP/IP protocol that provides 

application programs with connectionless communication service. 

URL: Unified Resource Locator, which consists of three parts: the protocol, the 

domain name and the path. 

WYSIWYG: What You See Is What You Get. This function of a program describes that 
what you see in your monitor is what you’ll finally have printed in your hard copy. 
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